[CDBUG-talk] blackhole time-warner
Dave Del Debbio
ddeldebb at gmail.com
Tue Jul 22 14:50:38 EDT 2008
Does anyone else want to do this? Time Warner has a DHCP server at
10.116.176.1 serving my dynamic IP connection. I don't have a route to
10/8 in the routing table, yet I keep getting ICMP echo requests
from the DHCP server and one other machine on the 10/8 subnet on my
gateway.
To prevent direct queries, reverse queries, and kill syslog "no route to
host" messages I did the following:
added to /etc/rc:

    route -q add -inet 10.0.0.0/8 localhost -blackhole

edited named.conf and added the following:

    acl rr { 10.0.0.0/8; };
    options {
        <snip>
        blackhole { rr; };
        <snip>
    };

and have a (advice from ISC website)

    zone "10.in-addr.arpa" {
        type master;
        file "master/empty";
    };

which has:

    ; $OpenBSD: empty,v 0.1 2008/07/21 21:20:25 ddeldebb Exp $
    $ORIGIN 10.in-addr.arpa.
    $TTL 6h
    @       IN SOA  fw.home.deldebbio.org. root.home.deldebbio.org. (
                    1       ; serial
                    1h      ; refresh
                    30m     ; retry
                    7d      ; expiration
                    1h )    ; minimum
            NS      blackhole-1.iana.org.
            NS      blackhole-2.iana.org.

Is this overkill? Is there a better way to handle RFC 1918 packets from
Time Warner?
Dave.
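
Added example, not part of the original post: the post covers only 10/8, and this Python sketch generalizes its acl and empty-zone stanzas to all three RFC 1918 ranges, splitting 172.16/12 into the sixteen /16 reverse zones it needs. The function names are hypothetical, and it assumes a single shared master/empty file with the $ORIGIN line removed so that each zone takes its own name as the origin.

```python
import ipaddress

# RFC 1918 private ranges; the original post handles only the first one.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def reverse_zones(cidr):
    """Return the in-addr.arpa zones that together cover cidr.

    Reverse DNS is delegated on octet boundaries, so a prefix that is not
    a multiple of 8 bits is split at the next octet boundary.
    """
    net = ipaddress.ip_network(cidr)
    octets = -(-net.prefixlen // 8)  # ceil(prefixlen / 8)
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def covering_zone(addr, cidrs=RFC1918):
    """Name the generated zone that would answer a PTR query for addr."""
    name = ipaddress.ip_address(addr).reverse_pointer
    for cidr in cidrs:
        for zone in reverse_zones(cidr):
            if name.endswith("." + zone):
                return zone
    return None


def named_conf(cidrs=RFC1918, zone_file="master/empty"):
    """Render the post's acl and zone stanzas for every range in cidrs.

    Assumption: zone_file is shared by all zones, so it must not carry a
    fixed $ORIGIN line; named then uses each zone's own name as origin.
    """
    lines = ["acl rr { " + " ".join(c + ";" for c in cidrs) + " };", ""]
    for cidr in cidrs:
        for zone in reverse_zones(cidr):
            lines.append('zone "%s" {' % zone)
            lines.append("\ttype master;")
            lines.append('\tfile "%s";' % zone_file)
            lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    print(named_conf())
    print(covering_zone("10.116.176.1"))  # address from the post
```

Review the generated stanzas with named-checkconf before loading them, and keep the route blackhole in place, since the zones only answer PTR lookups and do not touch the packets themselves.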